[CentOS] New firewall, need mac changed
Richard Karhuse
rkarhuse at gmail.com
Sun Apr 20 10:56:17 UTC 2008
On Sat, Apr 19, 2008 at 3:53 PM, Joseph L. Casale <jcasale at activenetwerx.com>
wrote:
> >Modify /etc/sysconfig/network-scripts/ifcfg-ethX and remove the HWADDR
> >line if you have one, and add a MACADDR with the mac address you want
> >to use.
> >
> >Beware, some network cards may protest having the mac address changed,
> >and using both HWADDR and MACADDR can cause issues. See
> >/usr/share/doc/initscripts-*/sysconfig.txt for details.
>
> Jim,
> I appreciate the confirmation, that was the method I was going to use. I
> am only unsure about what *could* happen with the HWADDR in there, can
> eth{n} now maybe bind to a different nic under some circumstance?
>
> How can I always force the nic in question to use this script?
>
> Thank you!
> jlc
> <CentOS at centos.org> <http://lists.centos.org/mailman/listinfo/centos>
>
Here is an outline of what I do to "lock-down" interfaces -- which relies
mainly on using a fairly new feature "udev":
/etc/modprobe.conf: make sure the lines --
alias eth? <driver>
are in the correct order, e.g.:
alias eth0 e1000
alias eth1 e1000
alias eth2 tg3
/etc/udev/rules.d/: create network rules file (if needed) and
add lines that associate a given NIC to its eth? interface.
Use "udevinfo -a -p /sys/class/net/eth?" to get various
features or attributes to find the NIC that you want to call
eth<X>. [Note: this seems to change from release to
release, so this is a little general.] You might want to put
lines like:
Kernel==eth? ID==0000:03:02.0 Name=eth0
Kernel==eth? ID==0000:03:02.1 Name=eth1
or
Kernel==eth? Sys{vendor}==0x8086 Sys{device}==0x032a Name=eth0
Kernel==eth? Sys{vendor}==0x8086 Sys{device}==0x1079 Name=eth1
/etc/sysconfig/network-scripts/ifcfg-eth<X>:
As other have suggested, now put MACADDR= into these files with the
desired MAC address that you want the interface to be set to and
delete the HWADDR.
Now, reboot, test and repeat as needed:-):-) ...
I hope that helps and is useful ...
-rak-
Note: I just checked a Fedora 8 box and some of the above has
changed -- udev is the way to go, but be advised that this feature
appears to be evolving and changing -- hopefully for the better!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20080420/5376508b/attachment.html>
More information about the CentOS
mailing list